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ABSTRACT 


In  this  paper,  we  consider  one  aspect  of  the  PHC  system  level  fault 
model,  the  properties  of  the  Implied  faulty  sets.  For  T-dlagnosable 
systems  that  have  at  most  i  faulty  units,  we  present  lower  bounds  on  the 
cardinality  of  the  maximal  Implied  faulty  sets.  When  t  <  2,  we  show 
that  the  cardinality  of  the  maximal  Implied  faulty  sets  Is  greater  than 
t.  In  the  case  t  >  2  we  have  two  results* 

(I)  the  cardinality  of  the  maximal  Implied  faulty  sets  associated  with 
the  faulty  units  Is  greater  than  or  equal  to  t  -  k  +  1,  where  k  Is  the 
smallest  Integer  such  that  t  <6 k  +  2,  and 

(II)  the  cardinality  of  the  maximal  Implied  faulty  sets  of  all  the  units 
Is  greater  than  or  equal  to  \  -  k  +  I,  where  now  k  Is  the  smallest 
Integer  such  that  t  <  71c  +  2. 

Finally,  we  show  that  these  bounds  are  greatest  lower  bounds  and  In  the 
conclusion  Indicate  how  these  results  may  be  used  In  diagnosis  algo¬ 
rithms. 
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I ,  INTRODUCTION 

The  PNC  system  level  fault  model  [PRE67]  consists  of  a  set  of  units 
0  ■  (Uj .Ugr . . . »unJ  capable  of  testing  one  another  and  a  set  of  ordered 
pairs  ((Uj.Uj)  |  tests  u^)  describing  the  organization  of  the  tests. 
The  model  Is  defined  by  the  fault-test  relationship  which  specifies  the 
test  outcome  a^  ^  In  terms  of  the  status  of  both  the  unit  applying 
the  test  and  the  unit  u^  being  tested.  If  Uj  Is  nonfaulty,  then 
Sj  j  *  0  if  Is  nonfaulty  and  a^^  *  1  if  is  faulty,  and  If  is 
faulty,  the  test  outcome  a.  .  *  0  or  I,  independent  of  the  status  of  u.. 

iij  j 

A  collection  of  all  test  outcomes  is  called  a  syndrome.  The  model  can 
be  represented  by  the  directed  graph  G  =  (U,E),  In  which  the  vertices  In 
0  are  the  units  and  the  edges  In  E  are  the  tests  between  units.  The 
test  outcomes  are  the  edge  labels  of  the  graph,  and  thus  G  has  both  0- 
edges  and  1-edges.  The  model  has  been  studied  extensively  and  among 
topics  that  have  been  addressed  are  conditions  for  x-dlagnosabl I  tty 
([PRE67],  [HAK74],  [ALL75],  [CHW81],  [KEN84])  and  algorithms  for  system 
diagnosis  ([KAN75],  [MEY78],  [HAD77],  [MEY81],  [DAH84],  [DAH85]) .  In 
this  paper  we  consider  only  system  diagnosis,  and  more  specifically 
those  properties  of  Implied  faulty  sets  that  may  be  used  for  system 
diagnosis.  ~  <  ■ 1  L  >  '  4  ■*  >  L 

•  ■  v  0 

Given  a  syndrome,  the  diagnosis  problem  consists  of  Identifying  the 
set  of  faulty  units  F g  and  the  set  of  nonfaulty  units  G g.  A  system  Is 
t-dlagnosable  If  and  only  If  all  faulty  units  can  be  Identified  from  the 
syndrome  whenever  the  system  has  at  most  t  faulty  units  [PRE67J.  for  a 
t  given  syndrome,  a  partition  (G,F)  Is  consistent  with  the  syndrome  If 
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every  test  among  units  In  G  has  a  0  outcome  and  every  test  from  a  unit 
In  G  to  a  unit  In  F  has  a  1  outcome.  Diagnosis  of  a  T-dlagr>osable  sys¬ 
tem  with  at  most  t  faulty  units  requires  Identifying  the  unique  con¬ 
sistent  partition  <Gg,Fg)  such  that  lFgl  <  x. 

Diagnosis  algorithms  use  the  concepts  of  Implied  nonfaulty  and 
Implied  faulty  sets  either  directly  £MEY79],  [MEY81],  [DAH85] ,  or 
Indirectly  to  transform  the  diagnosis  problem  into  a  graph  support  prob 
lem  EMAD77],  [DAH84] .  We  recall  that  for  a  given  syndrome,  the  implied 
nonfaulty  set  G(u^)  for  the  unit  Is  the  set  of  all  units  that  are 
Implied  nonfaulty  If  is  assumed  to  be  nonfaulty  and  the  implied 
faulty  set  L(u^)  is  the  set  of  all  units  that  are  implied  faulty  if 
Is  assumed  to  be  nonfaulty  [KAM75].  Thus,  If  we  define  a  0-path  In  the 
graph  G  as  a  path  In  which  every  edge  Is  a  0-edge,  we  see  that 


and 


6<V  =  {up  U 

(Uj  j  there  is  a  0-path  from  to  u^}  , 


Ku^)  *  («ij  |  there  exists  up  in  G(Uj),  in  G(Uj) 
and  either  apq  =  1  or  aq  =  1  or  both)  . 

It  Is  clear  that  If  Mu^)  n  G<u^ )  ♦  ♦  ,  then  the  unit  Is  faulty.  Many 
diagnosis  algorithms  take  advantage  of  this  fact  by  declaring  such  units 
faulty  and  concentrating  on  the  problem  of  diagnosing  the  resulting 
reduced  system.  Direct  algorithms  are  less  complex  than  graph  support 
algorithms,  but  the  needed  properties  of  Implied  sets  are  known  only  for 
restricted  classes  of  testing  structures.  For  example,  If  a  system  Is 
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t-diagnosable  and  has  at  most  x  faulty  units,  the  algorithm  In  [HEY8I] 
identifies  the  set  of  faulty  units  If  there  exists  at  least  one  faulty 
unit  Ujj  such  that  either  L(a^)  n  G(Uj)  ♦  +  or  IL(Uj)l  *  x  +  I.  Only  x- 
dlagnosable  systems  In  which  no  two  units  test  each  other  are  known  to 
have  this  property  [MEY83].  The  structural  constraints  associated  with 
self-implicating  systems  [DAH85]  are  even  stronger. 

In  this  paper  we  do  not  Impose  structural  constraints  on  the  test 
organization,  and  we  analyze  the  properties  of  the  Implied  faulty  sets 
that  may  be  used  In  direct  diagnosis  algorithms  only  under  the  assump¬ 
tions  that  the  system  Is  t-dlagnosable  and  that  the  number  of  faulty 
units  Is  not  greater  than  t.  The  main  thrust  of  our  effort  Is  directed 
at  obtaining  lower  bounds  on  the  cardinality  of  the  maximal  Implied 
faulty  sets  associated  with  not  only  the  units  In  Fgt  but  also  the  units 
In  Gg.  When  x  <  2,  a  direct  approach  is  possible  and  the  cardinality  of 
the  maximal  Implied  faulty  sets  Is  greater  than  x.  This  result  Is 
presented  In  Section  It.  When  ?  >  2,  we  need  the  concept  of  a  critical 
subset  In  order  to  pursue  our  Investigation.  A  subset  X  of  S  Is  a  crit¬ 
ical  subset  of  S  If  and  only  If  there  are  no  0-edges  from  S  -  X  into  X. 
Critical  subsets  and  partitions  of  critical  subsets  play  a  major  role  In 
the  analysis  of  Implied  faulty  sets  when  x  >  2,  and  their  properties  are 
discussed  In  Section  III.  The  set  Fg  of  faulty  units  is  a  critical  sub¬ 
set  of  S,  and  under  the  appropriate  assumptions.  Its  partition  consists 
of  either  one  or  two  blocks.  That  fact  Is  used  In  Section  IV  to  obtain 
the  greatest  lower  bound  on  the  cardinality  of  the  maximal  sets  L(Uj) 
associated  with  the  units  In  Fgt  that  Is  at  least  one  unit  tij  In  Fg 


exists  such  that  IL(Uj)l  »  t-k+1,  where  k  Is  the  smallest  integer  such 
that  t  <  6 k+2.  When  t  >  2.  the  unit  with  the  maximal  implied  faulty  set 
may  not  be  faulty,  and  thus  we  must  consider  not  only  the  units  In  Fgt 
but  also  the  nonfaulty  units.  This  analysis  Is  presented  In  Section  V. 
In  that  case,  we  note  that,  under  the  appropriate  assumptions,  we  may 
have  one,  two  or  three  blocks  in  the  partition  of  Fg.  The  analysis  is 
more  complex  than  when  we  restrict  ourselves  to  only  faulty  units,  but 
we  are  again  able  to  obtain  the  greatest  lower  bound  on  the  cardinality 
of  the  maximal  L(u^),  that  is  at  least  one  unit  in  S  exists  such  that 
l£(Uj)l  »  T-k-fl,  where  k  is  the  smallest  integer  such  that  t  <  7 k+2. 
Finally,  In  Section  VI,  we  indicate  briefly  how  the  paper's  results  may 
be  used  In  decoding  algorithms. 
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II.  IMPLIED  FAULTY  SETS:  t  <  2 

Theorem  h  If  S  Is  t-dlagnosable,  If  1  <  IFgl  <  t,  and  if  t  <  2,  at 
least  one  unit  In  F„  exists  such  that  IL(Uj)l  >  t  +  1. 

Proof*  Suppose  that  S  Is  t-diagnosable,  *  <  2,  and  Fg  =  {u^}.  The 
faulty  unit  Is  tested  by  a  minimum  of  t  nonfaulty  units.  Every  unit 
that  tests  implies  it  faulty,  hence  is  in  L(u^).  If  is  tested  by 
more  than  t  other  units,  then  IL(Uj)|  >  t  +  I.  Suppose  that  Uj  is 
tested  by  exactly  t  other  units,  and  let  Z  *  (iij)  u  {u^  {  uk  teats  u^}. 
Since  S  is  t-dlagnosabie  and  IZI  «  x  +  1  <  2x  for  t  >  1,  Z  must  be 
tested  by  at  least 


t  -  r<*+l)/21  ♦  1  =  l(t+l)/2J 


other  units  In  S  -  Z.  All  units  In  S  -  Z  are  nonfaulty,  so  every  unit 
In  S  -  Z  that  tests  Z  belongs  to  L(u^),  and  therefore 
IL(Uj) •  >  x  +  1(t+1)/2J  >  t  +  1  for  t  >  1. 

Suppose  now  that  S  Is  T-dlagnosable,  t  »  2,  and  Fg  =  (uj,uk).  If 
either  or  u*  is  tested  by  more  than  t  nonfaulty  units  then  either 
lL(u^)l  >  x  +  1  or  IL(u^) I  )  t  +  1  or  both.  Suppose  that  each  of 
(UjtU^)  is  tested  by  at  most  x  nonfaulty  units.  Let  X  be  the  set  of 
units  In  S  -  Fs  that  test  either  or  u^.  At  least  x  nonfaulty  units 
test  either  one  or  both  of  the  units  In  Fg,  hence  III  >  2.  If  IXI  *  2, 
then  IXI  +  lFgl  m  4  »  2t  and  at  least  x  -  fZt/21  +1=1  unit  in 
S  -  (Fg  U  X)  must  test  the  units  in  X  U  Fg.  Let  Y  be  the  set  of  units 
In  8  -  (X  U  Fg)  that  test  the  units  In  X  U  Fg,  then 


IXI  +  IYI  >  3  *  i  +  1.  All  units  In  Y  are  nonfaulty,  thus 
(X  U  Y)  C  (£(Uj)  U  Hu £>).  This  implies  that  either 
IMUj)  0  (X  U  Y) I  >  2  or  IL(u^)  fl  (X  U  Y)l  >  2  or  both. 

Now  consider  the  tests  between  the  faulty  units  and  u^.  If 

tests  and  =  0  then  Huk)  £  L( Uj),  (X  U  Y)  C  L(Uj),  and 

IL(Uj)l  >t+l.  Similarly,  if  tests  and  ak  ^  -  0  then 

(X  U  Y)  £  L(uk)  and  ILiu^)!  >  i  +  I.  If  Uj  tests  and  a^  k  ■  I  or  if 

tests  Uj  and  a^  ^  *  1  then  u^  is  in  Ltu^)  and  is  in  L(u^).  In 
this  case  IL(u^)l  >  1  +  IL(u^)  n  (X  U  Y)l  and 
ILCufc)l  >  1  +  lL(ufc)  n  (X  U  Y)l,  thus  either  IL(Uj)l  >  t  *  1  or 
IL(u^)l  >  t  +  l  or  both. 

If  there  are  no  tests  between  and  then  both  Uj  and  are 
tested  by  exactly  i  nonfaulty  units.  Let  {up»uq}  be  the  nonfaulty  units 
that  test  Uj,  thus  {up,uq}  c  Huj).  Since  S  is  i-diagnosable,  at  least 
i  other  units  test  the  pair  {Uj,Up}.  Only  one  unit,  uq,  is  known  to 
test  this  pair.  If  a  nonfaulty  unit  other  than  uq  tests  either  or 
Up,  then  this  unit  also  belongs  to  Huj)  and  IL(u^)l  >  t  +  1.  If 
tests  Up  and  akp  «  0,  then  is  in  L( u^)  and  IL(Uj)f  >  i  *  I.  There¬ 
fore,  u.  must  test  u_  and  afc  „  *  1.  A  similar  situation  occurs  for  the 

k  p  k,p 

pair  {Uj,uq},  therefore,  tests  uq,  akq  *  I,  and  {up,uq}  C  Uuk) . 

The  set  Z  *  (Uj,u^,Up,uq)  has  cardinality  IZI  *  4  *  2t,  so  Z  must  be 
tested  by  at  least  one  nonfaulty  unit  in  S  -  Z.  Any  nonfaulty  unit  that 
tests  a  unit  In  Z  belongs  to  either  L(u^)  or  Liu^)  or  both,  thus  either 
IL(Uj)i  )  t  ♦  1  or  IL(u^) I  >  t  +  I  or  both,  o 


Theorem  1  shows  that  for  i-dlagnosable  systems  in  which 
1  <  iFgl  (  t  (  2  at  least  one  faulty  unit  Uj  exists  such  that 
IL(Uj)l  >  t  +  1.  The  next  result  shows  that  for  the  implied  faulty  sets 
associated  with  faulty  units  this  lower  bound  is  actually  the  greatest 
lower  bound. 

Lena  1*  To  the  Integers  i  =  1  and  -i  =  2  correspond  at  least  one  i- 
dtagnosable  system  5  that  has  i  faulty  units  and  one  syndrome  such  that: 

(I)  LOij)  n  G(uf)  =  ♦  for  every  unit  in  S, 

(II)  IL(u^)l  *  t  +  1  for  every  faulty  unit  .  and 

(III)  l£(Uj)f  =  t  for  every  nonfaulty  unit  u^. 

Proof t  The  examples  in  this  proof  are  from  the  class  of  D.  x- 

0,1 

diagnosable  systems  [PRE67].  Figure  1  shows  a  l-dlagnosable  Dj  j  system 
consisting  of  three  units:  unit  Uj  is  faulty  and  units  and  u3  are 
nonfaulty.  For  the  given  syndrome  the  Implied  nonfaulty  sets  are 
<7(Uj)  *  (Uj),  GU12)  =  {U2*u3)»  and  C(“3>  *  {“3)*  The  implied  nonfaulty 
sets  are  £.(Uj)  *  L(U2)  «  (Uj),  and  L(u3)  «  (Uj).  The  system  is 

l-dlagnosable.  It  has  1  faulty  unit.  It  has  a  syndrome  such  that 
L(Uj)  n  G(Uj)  =  ♦  for  all  units  u^f  IL(U|)I  =  2  for  the  faulty  unit  U|, 
and  IL(u^)l  *  1  for  the  nonfaulty  units  112  and  u^. 

Figure  2  shows  a  2-dlagnosable  Dj  ^  system  that  has  five  units. 

The  units  are  faulty  and  the  units  {u^,u^,u^}  are  nonfaulty. 

For  the  given  syndrome  the  Implied  nonfaulty  sets  are  G(Uj)  =  (uj.ug), 

G( Ug)  -  (u2),  <*(u3)  *  (u3,u4,u5),  G(u4)  *  (u4,u5),  and  G(u5)  =  (u5). 

The  implied  faulty  sets  are  L(Uj)  =  {u3,u4,u5J,  1  s  I  and  2,  and 


L(tij )  «  {Uj,u2)  ,  i  =  3,  4  and  5.  The  system  is  2-diagnosable,  it  has  2 
faulty  units,  it  has  a  syndrome  such  that  L( u^)  n  Ciu^)  =  4  for  all 
units  u ^ ,  IL(u^)t  *  3  for  the  two  faulty  units,  and  IL(upi  =  2  for  the 
three  nonfaulty  units. 

In  both  examples  the  t-diagnosable  system  has  t  faulty  units  and  a 
syndrome  such  that  Hup  fl  G(up  =  4  for  all  units  u^,  IL(u^)l  =  t  +  1 
for  all  of  the  faulty  units,  and  ILIUjJi  =  i  for  all  of  the  nonfaulty 
units.  ° 

Theorem  1  gives  a  lower  bound  on  the  cardinality  of  the  maximal 
implied  faulty  set  associated  with  the  faulty  units.  It  is  clear  that 
IL(Uj)l  <  t  whenever  the  unit  in  nonfaulty,  and  therefore  when  t  <  2, 
the  consideration  of  nonfaulty  units  does  not  result  In  an  Improvement 
of  the  lower  bound  on  the  cardinality  of  Hup. 

Theorem  2t  If  S  is  i-diagnosable,  if  I  <  IFgl  <  t,  and  if  t  <  2,  at 
least  one  unit  u.  in  S  exists  such  that  IL(uf)l  >  \  +  1. 
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111.  CRITICAL  SUBSETS 

A  subset  X  of  S  Is  a  critical  subset  of  S  If  and  only  If  there  are 
no  0-edges  from  S  -  X  Into  X  or  equivalently: 

Definition  It  A  subset  X  of  S  Is  a  critical  subset  of  S  If  and  only  If 
G(u£)  fl  X  =  ♦  for  all  units  In  S  -  X. 

Critical  subsets  play  a  major  role  In  the  Investigation  of  the  pro¬ 
perties  of  the  PMC  system  level  fault  model  because  the  set  of  faulty 
units  Fg  Is  always  a  critical  subset  of  S.  Thus  to  be  a  critical  subset 
of  S  Is  a  necessary  condition  for  a  subset  X  to  be  the  set  of  faulty 
units,  but  that  condition  Is  not  sufficient.  Note  that  Definition  1 
Implies  that  the  empty  set  4  and  the  set  S  Itself  are  both  critical  sub¬ 
sets  of  S. 

If  S  Is  x-dlagnosable  the  next  result  gives  a  lower  bound  on  the 
cardinality  of  the  maximal  Implied  faulty  set  for  units  In  critical  sub¬ 
sets. 

Lemma  2t  If  s  Is  T-dlagnosable  and  If  X  Is  a  non-empty  critical  subset 
of  S,  then  IMu*)!  >  t  -  flXI/2]  +  1  for  at  least  one  unit  u»  in  X. 

Proof i  The  set  X  Is  a  critical  subset  of  S  and  therefore  there  are  no 
0-edges  from  S  -  X  to  X.  Let  u*  be  a  unit  in  X  such  that 
lL(u»)l  >  IL(Uj)l  for  all  Uj  In  X  and  let  X'  be  the  subset  of  X  that 
consists  of  all  the  units  for  which  u*  is  in  G( Uj).  The  set  X'  con¬ 

tains  u*  and  all  units  that  imply  u»  nonfaulty,  and  consequently 
IX* I  <  I XI *  there  are  no  0-edges  from  s  -  X*  to  X’,  and  Mu*.)  c  L(uj) 
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for  all  Uj  In  I'.  By  definition,  however,  IL(u*)l  >  II(Uj)l  for  all 
in  X',  thus  L(u^)  s  L(u*)  for  all  tij  In  X’.  Every  edge  from  S  -  X'  to 
X'  Is  a  1-edge,  therefore  every  unit  In  S  -  X'  that  tests  X'  belongs  to 
L(u*).  s  is  t-diagnosable,  so  at  least  t  -  f IX' 1/21  ♦  1  units  In  S  -  X’ 
test  the  units  In  X*.  Therefore, 

IL(u„)l  >  t  -  flX'l/21  *  1  >  t  -  flXI/21  +  1 
for  at  least  one  unit  u*  in  X.  o 

We  know  that  Fg  is  a  critical  set.  If  In  addition  S  is  t- 
dtagnosable,  has  at  most  t  faulty  units,  and  there  exists  a  faulty  unit 
that  implies  every  unit  in  Fg  nonfaulty,  then  either  this  unit  implies 
itself  faulty,  or  the  cardinality  of  the  implied  faulty  set  of  this  unit 
is  bounded  from  below  by  t  +  1  or  both. 

Leans  3t  If  S  Is  T-diagnosable,  If  1  <  lFg»  <  x,  and  if  a  unit  u*.  in  Fg 
exists  such  that  Gill*)  fl  Fg  *  Fg,  then  either  C(u*)  fl  L(u*)  *  4  or 
IL(u*)l  >  t  +  1. 

Proof t  Suppose  that  S  is  t-dlagnosable,  1  <  IFg|  <  t,  there  exists  a 
unit  u„  In  Fg  such  that  G(u*)  fl  Fg  ■  Fg,  and  G(u*)  fl  L(u*)  *  +.  All 
edges  among  units  In  (G(u„)  D  Fg)  are  0-edges,  all  edges  from 
(G(u„)  fl  Fg)  to  L(u*)  are  1-edges,  and  all  units  in  the  sets  L(u»)  and 
W(u„)  *  S  -  (L(u„)  U  G(u*))  are  nonfaulty. 

There  are  no  tests  from  units  in  W(u*)  to  units  in  either 
(G(u»)  fl  Fg)  or  L(u*),  nor  are  there  any  tests  from  units  In 
(G( u*)  fl  Gg)  to  units  in  either  (G(u*)  fl  Fg)  or  L(u*).  There  are  also 
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no  tests  from  G(u*.)  to  N(u*) .  Thus*  the  partition 


«?rFt)  *  <(G(  u„)  U  M(u„),  L(u*) ) 


Is  a  consistent  partition  of  S  (see  Figure  3).  If  IFji  «  il(u»)I  <  t, 
then  S  has  two  consistent  partitions*  (GgtFs)  and  (G|,Fj),  such  that 


IFg|  <  t  and  IF| I  <  t,  and  hence  S  can  not  be  t-diagnosable.  Thus*  if  S 


Is  -t-dlagnosable*  If  I  <  IFg|  <  t»  and  if  there  exists  a  unit  u»  in  Fs 
such  that  (G(u*)  n  Fg)  *  Fg,  then  either  L(u*)  n  G( u#)  *  ♦  or 


IL(u#) I  >  i  +  1.  o 


Let  X  be  a  critical  subset  of  S.  By  definition  is  in  G(Uf),  and 
thus  If  Uj  is  in  X,  it  is  in  G(Uj)  n  X  and  G(u^)  n  X  is  non-empty.  If 
Uj  Is  not  in  X,  then  we  know  that  G(u^)  0  X  is  empty.  We  may  then  con¬ 
clude  that  a  unit  is  in  a  critical  set  X  if  and  only  if 

G(  up  HIM-  That  characteristic  property  of  critical  subsets  is  used 
by  the  following  algorithm  to  generate  partitions  of  the  critical  sub¬ 


sets  of  S. 


Algorithm  It  Let  X  be  a  critical  subset  of  s. 


Step  I:  Let  1  »  1  and  let  X  *  ♦. 


Step  2s  Find  a  unit  uJ#  in  X  -  X  such  that  IG(Uj*)  0  (X  -  X)>  > 
IG(u^)  n  (X  -  X)l  for  all  units  in  X  -  X*  and  let 

Xf  «  G(ut»)  n  (X  -  X). 


Step  3s  Let  t  «  ft  U  Xr 


Step  4i  If  X  -  I  ■  stop;  otherwise  let  1  »  i  +  1  and  go  to  Step  2. 

If  X  Is  a  critical  subset  of  S,  If  {Xj ,x2, . . • ,Xp)  is  a  partition 
of  X  generated  by  Algorithm  1,  and  if  for  each  1  In  {l,2,...,p},  we  let 
1X^1  »  Xjt  then* 

( I )  Xj  >  Xj  and  there  are  no  0-edges  from  Xj  to  Xj  whenever  i  <  j, 

(II)  G(u^)  fl  Xj  *  Xj  for  all  i  in  {1,2 . p), 

(III)  L(Uj)  c  L(Ujj.)  for  all  tij  in  X^,  and 

(Iv)  the  last  block  X  is  a  critical  subset  of  S. 

P 

To  each  block  of  a  partition  generated  by  Algorithm  1,  let  us 
associate  a  subset  X^  that  contains  and  all  units  that  imply  Uj* 
nonfaulty,  that  is 

*i  *  (u/*)  u  '  ui*  *a  in  G(uj)J  • 

Thus,  If  is  implied  faulty,  all  units  in  Xj  are  implied  faulty,  and 
If  J  >  It  there  are  no  0-edges  from  Xj  to  X^,  otherwise  u ^  would  be  in 
G(Uj„). 

If  S  Is  t-dlagnosable  and  if  X  is  a  critical  subset  of  S,  Lemma 
2  gives  a  lower  bound  for  the  maximal  L(Uj),  Uj  in  X.  If  at  most  i 
units  In  S  are  faulty  and  IL(u^)l  is  bounded  from  above,  then  any  parti¬ 
tion  of  a  critical  subset  generated  by  Algorithm  1  has  the  following 
properties; 

Lemma  4t  If  S  Is  t-diagnosable,  If  i  <  IFgl  (  t,  if  X  is  a  critical  sub¬ 
set  of  S,  If  {X| ,Xg, • • . ,Xp}  Is  a  partition  of  X  generated  by  Algorithm 
1,  if  IL(U| ) I  <  t  -  k  for  all  units  in  S,  where  k  <  f iXI/2]  -  I,  and 


If  J  Is  the  unique  Integer  satisfying  J(2frtl)  <  IXI  <  (Jtl)(2Jc+l),  then 
IXjl  >  2k  +  I  for  all  i  in  {1 ,2,...,p},  IXI  >  p(2k  +  I),  and  p  <  j. 

Proof/  Suppose  that  S  Is  i-dlagnosable,  IFg|  <  t,  X  is  a  critical  subset 
of  S,  and  lL(u^)|  <  x  -  k  for  all  units  uf  in  S,  where  Jc  i  flXI/21  -  I. 
Let  {Xj ,x2, . . . ,xp}  be  a  partition  of  X  generated  by  Algorithm  I.  There 
are  no  0-edges  from  S  -  X^  to  Xj  for  i  in  (l,2,...,p).  Lemma  2  implies 
that  there  exists  at  least  one  unit  Uj  in  X^  such  that 

lt(Uj)|  >  t  -  [xj/2]  +  1,  where  Xj  *  IX|I.  But  <  t  -  It  for  all 

P 

u.  In  X,  thus  x4  >  2k  +  I,  and  from  the  fact  that  IXI  *  £  IXfl  and 
J  1  1« 1  1 

IXjl  >  xf  for  all  i  in  (1,2,... ,p)  we  may  conclude  that  IXI  >  p(2Jc  +  1). 
We  have  shown  that  {j+l)(2k+l)  >  IXI  >  p(2/c+l),  therefore  J+l  >  p  and 


IV.  IMPLIED  FAULTY  SETS  OF  FAULTY  UNITS*  t  >  2 

The  set  of  faulty  units.  Fg,  is  a  critical  subset  and  as  a  result 
of  our  assumptions  on  t  and  the  maximal  lL(u^)l,  we  will  see  that 
Algorithm  l  generates  a  partition  of  F  consisting  of  one  or  two  blocks. 
Lemma  3  deals  with  the  case  of  a  single  block  and  Lemma  5  below  handles 

the  two  block  case.  Using  these  two  results.  Theorem  3  presents  a  lower 

bound  on  the  maximal  implied  faulty  sets  associated  with  the  faulty 
units.  Lemma  6  then  shows  that  this  bound  is  a  greatest  lower  bound. 

Lemma  St  If  S  Is  t-dfagnosable.  if  1  <  IFgl  <  t,  if  t  >  2,  and  if 

Algorithm  1  generates  a  two  block  partition  {Z^.Zg}  of  Fg,  at  least  one 
unit  Uj  in  Fg  exists  such  that  either  L(u^)  0  G(tij)  *  +  or 
IL(Uj)l  >  x  -  k  +  1.  where  k  is  the  smallest  integer  such  that 
t  <  6k  +  2. 

Proof t  Suppose  that  the  following  assumptions  are  satisfied* 

(HI)  S  is  T-dlagnosable, 

(H2)  t  >  2, 

(H3)  i  <  IFSI  <  t • 

(H4)  L(u()  fl  C(u^)  »  +  for  all  Uj  in  S,  and 

(H5)  IL(U|)I  <  t  -  k  for  ail  in  Fg,  where  k  is  the  smallest  integer 
such  that  i  <  6*  +  2. 

(H6)  Algorithm  I  generates  a  partition  (Zj^)  of  Fg. 

The  partition  of  Fg  consists  of  two  blocks,  hence  Lemma  4  implies  that 
IFgl  >  2 (2k  +  1),  and  thus  (HI)  through  (H5)  can  be  true  only  when 
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There  exist  units  Uj*  and  u2*  in  Xj  and  X2,  respectively,  such  that 
C(uJ#)  n  Zj  *  Zj  and  G( u2#)  nz2*  Z2.  Thus,  Mup  £  t( u,„)  for  all  ui 
In  Zj  and  L(tij)  £  L(u2*)  for  all  Uj  in  Z2.  Now  let 

a  *  <L<Uj*)  n  l(u2*>)  n  cs, 

Bj  -  U(Uj*)  n  Cg)  -  A, 

B2  =  (I.{u2*)  n  Gg)  -  A, 

Z  «  Zj  U  Z2  U  a  U  Bj  U  B2, 

and  let  IAI  *  a,  and  IB^I  *  bi  for  i  in  {1,2}. 

The  set  S  -  Z  contains  only  nonfaulty  units,  and  since 

A  U  Bj  U  B2  •  (Liu,*)  U  Uu2*))  n  Gs 

there  are  no  tests  from  S  -  Z  to  Z.  Thus  Z  Itself  must  be  t- 
dlagnosable,  therefore 

IZI  =  Xj  +  x2  +  a  +  6j  +  f»2  >  2t  -f  1 

and  since  Xj  +  x2  <  i  and  both  Z  and  S  are  t-diagnosable,  we  see  that 

a  +  bj  +  b2  )  i  +  I  .  (I) 

Let  if j  »  L<u2„)  0  Zj  and  let  »2  *  L<Uj„)  fl  Z2,  also  let  Wj  *  IBjl 
and  w2  *  IBT^I •  uj*  is  °ot  implied  faulty  by  u2„,  then  Bj  *  lf2  *  +. 

If  u,*  is  in  L(u2#),  then  Xj  £  Wj  £  X,  and  ?2  £  lf2  £  X2,  where  Xj 
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contains  and  all  units  in  Xj  that  imply  tij*  nonfaulty,  i  in  {1,2}. 

System  Z  is  shown  in  Figure  4.  We  see  that  £(Uj*)  *  A  U  flj  U  W2 
and  Hu2*)  *  A  U  U  Wj.  Assumption  (HS)  implies: 

I £>(u | ^ )  I  *  a  +  *  w2  <  t  -  k,  (2) 


li(u2*)l  s  a  +  ^  it-*,  (3) 

and  thus 

a  +  bl  +  b2  4  2t  “  2*  “  *a  *  wl  *  "2)  *  (4) 

The  units  in  (X2  U  fi2)  are  tested  only  by  the  units  in  (A  U  Wj),  so 
(HI)  implies  that 


x2  +  bZ  *  2*a  +  Wj)  >  2t  +  1 


Substituting  Eq.  (3)  Into  Eq.  (5)  we  get 


a  t  Wj  >  t  ♦  k  +  1  -  x2. 


and  substituting  Eq.  (6)  into  Eq.  (4)  produces 


*  *  bl  *  b2  <  x  ~  3*  “  1  +  (x2  ~  *2*  * 


We  know  that  x2  <  *j.  Xj  +  x?  <  :  <  6*  +  2,  and  therefore 


x2  <  Lx/2J  <3 k  +  I.  Note  that  w2  >  0,  thus  Eq.  (7)  becomes 


a  +  bj  +  b2  <  t 


which  contradicts  Eq.  (1). 


(5) 


(6) 


(7) 


(8) 


3 


»  *  •  r  jk 


mmnrait 


ui  ju  mm  mi  v  ummrrr 
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The  assumptions  (HI),  (H2),  (H3),  (H4),  (H5),  and  (H6)  lead  to  a 
contradiction,  and  we  may  conclude  that  If  S  Is  t-dlagnosable.  If 
1  <  IFgl  <  t,  if  t  >  2,  and  if  Algorithm  I  generates  a  two  block 
partition  of  Fg,  at  least  one  unit  exists  in  Fg  such  that  either 
L(Uj)  fl  G(tij)  *  ♦  or  IL(Uj)l  *  t  -  k  +  1,  where  k  is  the  smallest 
Integer  such  that  t  <  6k  +  2.  ° 

This  result  Is  used  In  the  proof  of  the  following  theorem. 

Theorem  3*  If  S  is  t-dlagnosabie.  If  I  <  IFgi  <  t,  and  if  t  >  2,  at 
least  one  unit  in  Fg  exists  such  that  either  L(Uj)  n  G(u^)  M  or 
IL(Uj)l  >  x  -  k  +  1,  where  k  is  the  smallest  integer  such  that 
t  <  6 k  +  2. 

Proof*  Suppose  the  system  S  satisfies  the  following  assumptions: 

(HI)  S  Is  i-diagnosable, 

(H2)  t  >  2, 

(H3)  1  <  IFSI  <  t, 

(H4)  L(Uj)  fl  G(u^)  «  +  for  all  in  S,  and 

(H5)  IL(Uj)l  <  t  -  k  for  all  in  Fg,  where  A  is  the  smallest  integer 
such  that  t  <  6*  +  2. 

Let  (Xj ,*2» • • • #*p)  be  a  partition  of  the  critical  subset  Fg  generated  by 
Algorithm  I.  Lemma  4  implies  that  IFgl  >  p(2k  +  1),  where  p  is  the 
number  of  blocks  In  the  partition.  Since  IFgi  <  i  <  6 k  +  2,  this 
Implies  that  p  <  3  -  (l/(2Jc+l)).  Both  k  and  p  are  positive  integers, 
thus  1  <  p  <  2,  and  we  may  conclude  that  any  partition  of  Fg  generated 
by  Algorithm  1  has  at  most  two  blocks. 
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If  the  partition  of  Fg  consists  of  a  single  block,  then  there 
exists  a  unit  In  Fg  such  that  G(U|»)  n  Fg  «  Fg.  Lemma  3  Implies 
that  either  L(Uj»)  fl  G(Uj„)  ♦  ♦  or  lL(Uj„)l  >  i  +  I,  contradicting 
either  assumption  (H4)  or  assumption  (H5).  If  the  partition  of  Fg 
consists  of  two  blocks,  then  Lemma  5  Implies  that  assumptions  (HI), 

(H2)»  (H3),  (H4),  and  (H5)  lead  to  a  contradiction. 

He  conclude  that  if  S  is  i-dlagnosabte,  If  1  <  IFg|  «  and  If  t  >  2, 
at  least  one  unit  exists  in  Fg  such  that  either  L(u^)  fl  C(u^)  ♦  4  or 
IL(Uj)l  >  i  -  k  *  1,  where  k  is  the  smallest  integer  such  that 
t  <  6*  +  2.  o 

Theorems  1  and  3  show  that  the  set  of  values  of  t  may  be 
partitioned  into  intervals  of  length  6,  except  for  the  first  interval 
that  Is  of  length  2.  For  i-dlagnosable  systems  In  which  both 
1  <  IFgl  <  t  and  L(u^)  D  G(Uj)  *  4  for  all  Uj  in  S,  Theorem  1  implies 
that  If  i  <  2,  at  least  one  faulty  unit  exists  such  that 
IL(Uj)l  >t+l,  and  Theorem  3  implies  that  if  i  <  8,  at  least  one 
faulty  unit  Uj  exists  such  that  IL(u^)l  >  t,  If  t  <  14,  at  least  one 
faulty  unit  exists  such  that  IL(Uj ) I  >  t  -  1,  and  so  forth.  The  next 
result  shows  that  for  i  >  2  the  lower  bound  given  In  Theorem  3  Is 
actually  the  greatest  lower  bound  on  the  cardinality  of  the  maximal 
£(Uj)  associated  with  the  faulty  units. 

Lemma  6«  To  every  Integer  i  >  2  corresponds  at  least  one  t-dlagnosable 
system  S  that  has  i  faulty  units  and  one  syndrome  such  that: 

(I)  L(Uj)  fl  G(Uj)  *  4  for  every  unit  in  S, 

(ii)  IL(Uj)l  ■  i  -  k  +  I  for  every  faulty  unit  u^,  where  k  Is  the 

I 

< 


smallest  Integer  such  that  t  «  6k  *  2,  and 

(HI)  IL(Uj)I  *  x  for  at  least  one  nonfaulty  unit  Uj. 

Proof/  Choose  a  value  of  x,  x  >  2,  and  find  the  smallest  integer  k  such 
that  t  <  6*  +  2.  Construct  a  system  S  that  has  the  partition 
(A,Bj»B2«B^tZ|,Z2*z3}  as  shown  in  Figure  5.  The  cardinality  of  each 
block  Is  as  follows:  IAI  *  t  -  31c  +  1,  IBjl  *  k,  for  i  in  (1,2,3), 

IZj|  «  t  -  4Jc  +  2,  and  IZ2I  -  IX3I  =  2 k  -  1.  Each  block  in  the 
partition  Is  nonempty  and  5  has  cardinality  2x  +  1. 

The  tests  among  units  In  the  systems  are  organized  In  the  following 
manner.  The  units  within  each  block  are  completely  connected.  That  Is, 
every  unit  In  Zj  tests  every  other  unit  in  Xj,  every  unit  in  B2  tests 
every  other  unit  In  B2,  and  so  forth.  The  edges  between  blocks  shown  in 
Figure  5  indicate  that  every  unit  In  the  block  at  the  tall  of  the  edge 
tests  every  unit  In  the  block  at  the  head  of  the  edge.  For  example, 
every  unit  In  Xj  tests  every  unit  in  Bj  and  vice  versa,  every  unit  in  A 
tests  every  unit  In  fl2,  and  so  forth. 

To  show  that  S  Is  T-dlagnosable  we  use  the  approach  of  Sullivan 
[SUL 84] .  We  solve  n  network  flow  problems,  where  n  Is  the  number  of 
units  In  the  system,  to  find  the  maximum  x  for  which  S  Is  i-dtagnosable. 
For  each  unit  in  S  construct  a  flow  graph  G j  =  ( V',E ')  where 
V'  «  0  U  (Sj )  and  £'  *  £  U  ((S|,u^)iuj  in  B).  In  Gj  the  vertex  S|  is 
the  source  and  the  vertex  is  the  sink.  Each  vertex,  excluding  the 
source  and  the  sink,  has  capacity  1,  each  edge  In  £  c  £'  has  Infinite 
capacity,  and  each  edge  (Sj,U;j)  in  <E'  -  E)  has  capacity  1/2.  Since  the 
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system  Is  symmetric  we  need  to  solve  only  seven  network  flow  problems, 
one  for  each  block.  We  omit  the  details  of  solving  the  network  flow 
problems  and  claim  that  for  each  of  the  networks  the  maximum  flow  Is 
(t  +  1/2),  and  thus  S  Is  -t-dlagnosable  ( [SUL84] ,  Theorem  4.1). 

The  set  of  nonfaulty  units  Is 

Gs  «  A  U  Bj  U  B2  U  B3  , 
the  set  of  faulty  units  Is 

Fg  =  x,  U  X2  U  X3  , 

and  IFgl  -  (x  -  4k  +  2)  +  2{2Jc  -  1)  =  x.  Figure  5  shows  a  syndrome 
consistent  with  the  set  of  faulty  units.  For  this  syndrome  the 
following  table  lists  the  Implied  nonfaulty  set,  the  Implied  faulty  set, 
and  the  cardinality  of  the  Implied  faulty  set  for  each  unit  In  S. 


i ,n 

6(ui) 

IL(U|) 1 

*1 

Xl 

A  U  B,  U  B3 

t  -  k  +  1 

*2 

X2 

A  U  fi|  U  S2 

x  -  k  +  l 

*3 

X3 

A  U  B2  U  B3 

x  -  k  +  1 

A 

A  U  B,  U  fl2  U  B3 

X1  U  X2  U  X3 

X 

Bl 

B1 

X1  UX2 

x  -  Zk  + 

BZ 

BZ 

X2  U  X3 

4k  -  2 

B3 

B3 

Xl  UX3 

x  -  Zk  + 

The  system  S  Is  t-dlagnosable  for  x  >  2,  It  has  x  faulty  units,  and 
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(t  has  a  syndrome  such  that 

(I)  L(u ^)  H  C(u^)  =  4  for  all  in  S, 

(II)  IL(u^)l  »  t  -  k  ♦  1  for  each  faulty  unit  u^,  where  *  Is  the 
smallest  Integer  such  that  -i  i  6k  +  2,  and 

I  (It  I)  IL(Uj)l  =  t  for  each  nonfaulty  unit  in  A  and  A  ♦  +.  o 

Lemma  6  shows  that  the  lower  bound  given  In  Theorem  3  Is  the 
greatest  lower  bound.  It  also  shows  that  the  unit  with  the  maximal 
j  Implied  faulty  set  may  be  nonfaulty.  In  the  next  section  we  Improve  the 

il  lower  bound  on  the  cardinality  of  the  maximal  L(u^)  by  considering  not 

only  the  Implied  faulty  sets  associated  with  the  faulty  units,  but  also 
^  the  Implied  faulty  sets  associated  with  the  nonfaulty  units. 

3 

I 
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-  24  - 


V.  IMPLIED  FAULTY  SETS  OF  ALL  UNITS*  x  >  2 


As  a  result  of  the  assumptions  made  in  the  previous  section  we  saw 
that  for  the  set  of  faulty  units,  Fg,  Algorithm  l  generated  a  partition 
of  at  most  two  blocks.  In  this  section  we  modify  the  assumptions  on  t 
and  k,  consequently  Algorithm  i  generates  a  partition  of  Fg  of  at  most 
three  blocks.  Lemma  3  provides  the  proof  when  Fg  has  one  block.  Lemmas 
7  and  8  below  will  prove  the  cases  when  Fg  has  two  and  three  blocks, 
respectively.  As  these  proofs  are  lengthy,  they  have  been  placed  In  the 
appendix.  Theorem  4  uses  these  three  results  to  prove  a  lower  bound  on 
the  maximal  IL(u^)l  of  all  units.  Finally,  Lemma  6  and  a  new  result. 
Lemma  9,  show  that  this  bound  is  a  greatest  lower  bound. 

Lemma  7*  If  S  Is  t-diagnosable.  If  1  <  IFg|  <  t,  if  \  >  2,  and  if 
Algorithm  1  generates  a  two  block  partition  {Xj,x2}  of  Fg,  at  least  one 
unit  Uj  In  S  exists  such  that  either  L(u^)  fl  C(u^)  ♦  ♦  or 
IL(Uj)l  >  t  -  k  ♦  1,  where  k  is  the  smallest  integer  such  that 
t  <  7 A  ♦  2. 

Lemma  8 *  If  S  Is  T-dfagnosable,  If  t  >  2,  If  1  <  IFgl  <  t,  and  if 
Algorithm  1  generates  a  three  block  partition  {Xj.x^Xg}  of  Fg,  at  least 
one  unit  in  S  exists  such  that  either  Huj)  f)  C(u j)  *  ♦  or 
IL(tij ) I  >  t  -  k  +  I,  where  k  is  the  smallest  Integer  such  that 
i  <  7*  ♦  2. 

The  following  theorem  extends  Theorem  3  by  considering  the  Implied 
faulty  sets  of  both  faulty  and  nonfaulty  units. 
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Theorem  4t  If  S  Is  i-dlagnosable,  If  l  <  IFSI  <  x,  and  if  t  >  2,  at 
least  one  unit  In  S  exists  such  that  either  L(u^)  n  G(u^)  *  ♦  or 
IL(u^)l  >  t  -  k  +  1«  where  k  Is  the  smallest  Integer  such  that 
x  <  7k  +  2. 


Proof •  Suppose  the  system  S  satisfies  the  following  assumptions: 

(HI)  S  Is  x-dlagnosable, 

(H2)  t  >  2, 

(H3)  1  <  IFSI  <  t, 

(H4)  M<ij)  n  G(Uj)  »  4  for  all  in  S,  and 

(H5)  IL(Uj) |  <  t  -  Jc  for  all  in  S,  where  k  is  the  smallest  integer 
such  that  t  <  Ik  +  2. 


The  set  of  faulty  units,  Fg,  is  a  critical  subset  of  S.  Algorithm 
1  generates  a  partition  {Xj ,x2, . . . ,Xp}  of  Fg.  Lemma  4  and  (H5)  imply 
that  iFgl  *  p(2k  +  1),  where  p  is  the  number  of  blocks  in  the  partition. 
In  this  case  IFgi  <  x  <  7k  +  2,  thus  p  <  4  -  (k+2)/(2k+l ) ,  and  the  fact 
that  k  >  1  Implies  that  I  <  p  <  3. 


If  p  =  I,  that  Is,  If  the  partition  of  Fg  has  one  block,  then  there 
exists  a  unit  Uj*  In  Fg  such  that  G{Uj*)  n  Fg  *  Fg.  Lemma  3  implies 
that  either  MUj*)  n  G(U|„)  *  ♦  or  IL(U|*)I  *  x  +  I,  contradicting 
either  (H4)  or  (H5).  If  the  partition  of  Fg  has  two  blocks,  then  Lemma 
7  Implies  that  assumptions  (HI),  (H2),  (H3),  (H4),  and  (H5)  lead  to  a 
contradiction.  Similarly,  If  the  partition  of  Fg  has  three  blocks,  then 
Lemma  8  Implies  that  the  five  assumptions  lead  to  a  contradiction. 


Therefore,  we  may  conclude  that  >f  S  Is  t-diagnosable.  If  x  >  2, 


M  m  m  •  .  *  ,  •  •  »  •  »  -  •  •  %  '  ft  «  •  ■ 
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and  If  1  <  IFgl  <  t,  at  least  one  unit  tn  S  exists  such  that  either 
Hup  n  G(up  ♦  ♦  or  IL(tij) I  >  x  -  k  +  l,  where  k  is  the  smallest 
Integer  such  that  x  <  7k  +  2.  o 

Theorems  2  and  4  show  that  the  set  of  values  of  x  may  be 
partitioned  into  intervals  of  length  7,  except  for  the  first  interval  of 
length  2.  Thus,  for  a  t-dlagnosable  system  in  which  1  <  IF  i  <  ?  and 

3 

L(up  n  G(Uj)  *  4  for  all  In  S,  Theorem  2  implies  that  if  t  <  2,  at 
least  one  unit  Uj  exists  such  that  lL(upi  >  t  *  1,  and  Theorem  4 
implies  that  If  t  <  9,  at  least  one  unit  exists  such  that 
IL(Uj)l  >  t,  if  t  (  16,  at  least  one  unit  Uj  exists  such  that 
IL(Uj)l  >  t  -  I,  and  so  forth. 

Lemma  6  shows  that  for  3  i  x  <  8  the  lower  bound  on  the  cardinality 
of  the  maximal  implied  faulty  set  gfven  In  Theorem  3  is  the  greatest 
lower  bound.  The  next  lemma  proves  a  similar  result  for  x  >  8. 

Lena  9t  To  every  integer  t  >  8  corresponds  at  least  one  t-diagnosable 
system  S  that  has  x  faulty  units  and  one  syndrome  such  that: 

(I)  L(Uj)  fl  G(up  =  4  for  every  in  S, 

(II)  l£(Uj)l  <  t  -  k  +  I  for  every  ui  in  S,  where  *  is  the  smallest 
integer  such  that  x  <  7*  +  2, 

(ill)  IL(Uj)l  »  x  -  k  +  t  for  at  least  one  faulty  unit  u^,  and 
(iv)  IL(Uj)l  *  t  -  k  +  1  for  at  least  one  nonfaulty  unit  u^. 

Proof t  Choose  a  value  of  x,  x  >  8,  and  let  k  be  the  smallest  Integer 
such  that  t  <  Ik  +  2.  Construct  a  system  S  that  has  the  partition 
Mj *^2*^1  *82**1  »*2’*3’*4^  as  s*lown  *n  Fl9ur*  6.  The  cardinality  of  each 


block  Is  as  follows*  M,l  *  \x/Z\  -  k  +  I,  IA2»  *  ft/21  -  k, 

IB, I  »  IB2I  =  *,  IX,  I  -  fT/21  -  *  +  1,  »X2I  -  lt/2J  -  *  +  l,  and 
IX3I  »  ix^l  *  It  -  1.  The  definitions  of  t  and  k  imply  that  each  block 
In  the  partition  Is  nonempty,  except  X3  *  x4  »  +  when  It  *  l,  and  S  has 
cardinality  2t  ♦  1. 

The  tests  are  organized  In  the  following  manner*  the  units  within 
each  block  are  completely  connected,  that  Is,  every  unit  In  X,  tests 
every  other  unit  In  X,,  every  unit  in  B2  tests  every  other  unit  in  fi2> 
and  so  forth;  the  edges  shown  In  Figure  6  Indicate  that  every  unit  In 
the  block  at  the  tall  of  the  edge  tests  every  unit  in  the  block  at  the 
head  of  the  edge,  for  example,  every  unit  In  X,  tests  every  unit  In  B, 
and  vice  versa,  every  unit  In  X ^  tests  every  unit  in  X^,  and  so  forth. 

As  In  the  proof  of  Lemma  5  we  use  Sullivan's  approach  [SUL84]  to 
show  that  S  Is  t-dlagnosable.  This  system  Is  also  symmetric,  so  we  solve 
eight  network  flow  problems,  one  for  each  block.  Once  again  (omitting 
some  of  the  details)  each  network  has  a  maximum  flow  of  (t  +  1/2),  thus 
S  Is  -t-dlagnosable. 

In  the  system  S  the  set  of  nonfaulty  units  Is 

«  A,  U  A2  U  B,  U  B2 
and  the  set  of  faulty  units  Is 

FS  *  X1  u  XZ  U  X3  U  X4  . 

Note  that  lfg|  a  t.  Figure  6  shows  a  syndrome  consistent  with  the  set 


of  faulty  units 


For  the  given  syndrome  the  following  table  lists  the  Implied 
nonfaulty  set,  the  Implied  faulty  set,  and  the  cardinality  of  the 


Implied  faulty  set  for  each  unit  In  S. 


Uj  in 


G(Uj) 


X,  U  x3  U  x4 
X2  u  X3  u  X4 


L(Uj) 


Ay  U  Az  U  B , 
A{  U  Az  U  B2 


Ay  U  By  U  B2 
Az  U  By  U  Bz 


x,  U  X2  U  X3 
X,  U  *2  U  X4 


IL(u/)l 


x  -  k  +  1 


*  -  k  *  I 


lx/2}  -  k  *  1 
ft/21  -  k 


X  -  It  4  1 


t  -  Jk  +  1 


rt/zi  -  *  «•  i 

lt/2j  -  *  ♦  1 


S  Is  T-dlagnosable,  i  >  8,  It  has  t  faulty  units,  and  It  has  a  syndrome 
such  that 

(I)  L(Uj)  H  Gitij)  *  ♦  for  all  Uj  In  S, 

(II)  IL(Uj)l  <  t  -  k  +  I  for  each  unit  Uj  In  S,  where  k  is  the  smallest 
Integer  such  that  i  <  7ft  +  2, 

(III)  IL(Uj)l  ■  t  -  k  +  1  for  at  least  one  faulty  unit  u^,  and 
(Iv)  IL(Uj) I  *  t  -  A  *  I  for  at  least  one  nonfaulty  unit  u^.  o 


VI.  CONCLUSION 


We  have  presented  results  concerning  the  properties  of  the  Implied 
faulty  sets  In  the  PHC  system  level  fault  model.  Unlike  previous  work 
on  Implied  faulty  set  propertlesf  we  made  no  assumptions  on  the 
structural  properties  of  a  system,  only  that  the  system  was  t- 
dlagnosable  and  had  at  most  r  faulty  units.  The  results  are  not  only 
Interesting  In  themselves,  but  also  because  of  their  Implications  In  the 
diagnosis  process. 

Given  a  t-dlagnosable  system  S  and  the  Implied  faulty  and  nonfaulty 
sets  for  each  unit,  we  can  Identify  the  set 

Fq  a  {Uj  S  £(Uj)  0  G(Uj)  *  ♦).  If  S  has  at  most  i  faulty  units,  then 
•Fq|  <  t.  In  this  case,  removing  from  S  the  units  in  Fq  and  all  tests 
Involving  these  units  produces  a  reduced  system  (S  -  Fq)  that  is 
(t  -  IFqI )-diagnosable.  The  results  of  this  paper  outline  the 
properties  of  the  maximal  Implied  faulty  sets  In  the  reduced  system 
(S  -  Fq).  If  (•*  -  IFqI)  <  2,  then  the  units  with  the  maximal  IL(uj)l 
are  faulty.  If  3  <  (t  -  IFqI)  <  9,  then  there  exists  at  least  one  unit 
Uj  such  that  l£(tij)l  >  t.  If  IL(Uj)l  >  1,  then  is  obviously  faulty. 
If  Uj  is  nonfaulty  and  IL(u^)l  =  t,  then  L(Uj)  *  Fg  and  every  edge  in 
S  -  (L( Uj)  U  G(u^))  is  a  0-edge.  On  the  other  hand,  if  is  faulty  and 
IL(Uj)|  a  t,  then  there  must  be  at  least  one  1-edge  in  edge  in 
S  -  (L(Uj)  U  G(u^))  because  S  is  i-diagnosabte.  Thus,  for  t  <  9,  which 
covers  many  reasonable  applications  of  this  model,  the  results  of  this 
paper  allow  us  to  develop  direct  diagnosis  algorithms  and  avoid  the 
added  complexity  of  transforming  the  diagnosis  problem  Into  a  graph 


I 


support  problem 
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APPENDIX 


Proof  of  Lemma  7t  Assume  that  the  system  S  satisfies  the  following 
assumptions: 

(HI)  S  is  t-diagnosable, 

(H2)  t  >  2, 

(H3)  l  <  lFgl  <  t, 

(H4)  L(u^)  U  G(Uj)  *  ♦  for  all  in  S, 

(H5)  l£(Uj)l  <  t  -  A  for  all  in  S,  where  A  Is  the  smallest  integer 
such  that  x  <  7A  ♦  2,  and 

(H6)  Algorithm  1  generates  a  partition  {Xj,X2)  of  Fg. 

If  t  <  6A  +  2,  Lemma  2  shows  that  there  exists  at  least  one  faulty 
unit  such  that  IL(Uj)l  >  t  -  A  +  I.  Thus,  we  consider  the  case 
x  >  6A  ♦  3. 

Beginning  with  the  discussion  of  ((L(ulir)  fl  L(u2*))  n  Gg),  this 
proof  follows  the  proof  of  Theorem  3  exactly.  In  the  Interest  of 
brevity  we  do  not  restate  this  material  and  rejoin  the  proof  at  Eq.  (7), 
that  Is 

a  +  bj  +  b2  <  t  -  3A  -  I  ♦  (x2  -  w2)  . 

We  know  that  Xj  +  x2  <  t,  x2  <  xJt  and  x  <  7A  +  2,  thus  x2  <  lt/2J  and 

x2  <  3A  -f  1  -f  LA/2 J .  Recall  that  if  Uj*  is  in  L(u 2„.)  then  W2  *  +  and 

X2  £  V2  £  X2 .  If  so,  then  Lemma  4  and  (H5)  imply  that 
w2  »  IX^I  >  2A  ■#>  1  and  thus,  x2  -  w2  <  A  -f  [A/2J .  Substituting  this 
last  Inequality  into  Eq.  (7)  produces 
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a  ♦  i)j  +  b2  <  t  -  (*  +  f It/21  +  D  <  *  +  1  (9) 

which  contradicts  Eq.  (I).  Therefore,  If  (HI)  through  (H6)  are 
satisfied,  then  Wj  »  »2  »  ♦  and  there  are  no  1-edges  between  and  *2. 

We  now  consider  the  nonfaulty  units  In  the  system.  Recall  that 
A  -  (MUj*)  n  L(u2*))  n  Gg  and  141  *  a.  Since  Wj  =  +  ,  Eq.  (6)  becomes 

a  )  x  +  k  +  1  -  x2  (10) 

thus 

a  >  ft/21  ♦  k  *  1  (ID 

and  A  ♦  ♦.  There  are  no  tests  from  (Gg  -  A)  to  A,  otherwise  these  units 
would  also  belong  to  A.  Assumption  (H4)  Implies  that  there  are  no  0- 
edges  from  fg  to  A,  and  thus,  A  Is  a  critical  subset  of  S.  Applying 
Algorithm  I  to  A  produces  a  partition  £A j ,A2> . . . ,  Aq),  1  <  q  <  a.  Lemma 
4  and  (H5)  Imply  that  a  >  g(2*  +1),  where  g  is  the  number  of  blocks  In 
the  partition  of  A.  To  determine  an  upper  bound  on  the  cardinality  of 
A,  combine  Eqs.  (D  and  (4)  to  get  t  +  1  <  2t  -  2*  -  a,  and  thus 

a  <  t  -  2Jc  -  1  <5A+l  (12) 

since  x  <  7*  ♦  2.  The  partition  of  A  contains  at  most 
4  <  3  -  (#c+ 1  )/(2Jk+l )  blocks,  both  q  and  k  are  integers,  and  we  may 
conclude  that  the  partition  of  A  consists  of  one  or  two  blocks.  We  will 
prove  that  In  both  cases  the  assumptions  (HI)  through  (H6)  lead  to  a 
contradiction. 

We  first  consider  the  case  In  which  A  has  a  two  block  partition 


(A|,A2).  The  one  block  case  A  «  {A|}  will  follow  from  this  one.  If  A 
has  a  partition  of  two  blocks,  then  there  exists  a  unit  ufl|  in  A|  and  a 

unit  ufl2  in  *2  such  that  C(ua|)  n  Al  “  Ai  and  c^ua2^  n  Az  *  *2*  Thus 
Hu*)  £  t(ual )  for  all  In  Aj  and  £.(11^)  £  £.(ua2)  for  all  In  A2. 

(For  the  rest  of  this  proof  we  denote  cardinality  of  any  subset  of  S 
using  lower  case  notation,  l.e.  IAjI  «  a(.)  The  blocks  and  A2  have 
the  following  properties:  a2  <  [a/ 2J,  and  )  2k  n  for  i  »  I 

and  1*2. 

Returning  now  to  the  units  In  X2>  we  combine  Eqs.  (12)  and  (6)  to 
get  t  -  2 k  +  I  >  ■%  t  k  t  I  -  x2,  and  thus 

x2  >  3*  ♦  2  .  03) 

Since  x2  <  Xj  and  x?  <  lt/2J ,  we  see  that  6k  +  4  (  IFgl  <  t.  Therefore, 
If  IFgl  <  6k  +  3  or  If  t  <  6k  +  3  assumptions  (HI)  through  (H6)  can  not 
hold. 

We  are  interested  In  the  subsets  L(uaJ)  n  *2  and  Liua2*  n  x2‘  Let 
^2  *  *2  “  n  t(ua2))»  For  i  In  {1,2}  let  X2i  be  a  subset  of  X2 

such  that  X2j  n  t(uaf)  *  ♦  and  let  fi2j  be  the  units  in  B2  implied  faulty 
by  at  least  one  unit  In  X 2j.  The  units  in  (X2j  U  B2i)  arm  tested  at 
most  by  the  units  In  X2  -  X?i  and  A  -  Af.  Assumption  (HI)  implies  that 

x2^  ♦  b2i  f  2(x2  x2^  ^  ~  8 ^ )  )  2t  4  1 

We  substitute  &2j  <  b2  and  2x2  <  2lt/2J  <  t  into  Eq.  (14)  to  get 


(14) 


and  we  substitute  Eq.  (3),  2a1  >  2(2*  +  l),  and  x21  >  0  Into  Eq.  (15)  to 
get  t-*  +  a>i  +  4*-f3,  that  Is 

a  >  5*  +  3  (16) 

which  contradicts  Eq.  (12).  Therefore,  *  4  for  i  in  (1,2)  which 
Implies  that  =  4  and  thus  X2  C  (Muaj)  D  Ku^)). 

Now  we  turn  our  attention  to  the  units  in  that  are  implied 

faulty  by  the  units  In  A.  Let  Xj  »  x,  -  (L(ual)  n  L(ua2)).  Suppose 

there  exists  a  subset  X^  of  X.  such  that  X^  n  L(u^)  *  4  for  all  in  A. 

a  i  a  j  j 

We  use  the  Implied  nonfaulty  set  G(u,*)  to  partition  X  .  Let 

cr  a 

Xol  a  Xa  n  C( u2#)  and  let  Xa2  *  *«  '  *al *  Since  there  are  no  tests  from 

any  unit  In  Bj  to  any  unit  in  G(u2*)  n  Xj,  the  units  in  XQ|  are  tested 

at  most  by  the  units  In  (Xj  -  XaJ)  U  X2.  Assumption  (HI)  incites  that 

Xal  *  2(xl  “  xal  +  x2)  >  2t  +  1  .  (17) 

Substituting  Xj  +  x2  <  t  into  Eq.  (17)  we  obtain  2t  -  xQ,  >  2t  +  1 . 

This  can  not  be  true,  thus  X  .  »  4  and  X  _  =  X  . 

a  i  a  ca. 

Let  be  the  units  in  6|  implied  faulty  by  at  least  one  unit  in 

X  .  The  units  in  X.  II  B.  are  tested  at  most  by  the  units  X,  -  X  .  thus 
a  a  a  l  a 

assumption  (HI)  Implies  that 

xa  +  ba  *  2(Xj  -  xQ)  >  2t  +  1  .  (18) 

Note  that  <  bj  and  bj  <  t  -  k  -  a  from  Eq.  (3).  Substituting  this. 


and  therefore 


t  -  *  -  a  4  Zx  -  x_  >  2t  4  l  4  2x0 
o  c. 

i  >  a  4  2x 2  4  k  4  1  4  xa  .  (19) 

Now  substituting  Eq.  (10)  Into  Eq.  (19)  we  get 

x  >  t  +  2k  4  2  4  x2  +  X<J|  (20) 

which  can  not  be  true.  Thus,  If  assumptions  (HI)  through  (H6)  hold  then 
X,  £  U(ua,)  U  L(ua2)). 

Partition  into  four  blocks,  {Xj i ,X12’*13,X14^  such 
(I)  (Xn  U  X12)  C  L( ufll)  and  (Xn  U  X,2)  0  Uua2)  »  ♦  . 

(ID  (X13  u  X,4)  C  t(ua2)  and  (XJ3  U  X,4)  n  L(ual)  *  ♦, 

(HI)  <Xn  U  X13)  0  C(u2*)  *  +,  and 
(Iv)  (XJ2  U  X,4)  £  G(u2*). 

Therefore,  Xj  =  Xjj  4  Xj2  4  Xj3  4  X|4.  The  above  definitions,  plus  the 
fact  that  X2  £  (L(uaJ)  n  L(ua2)),  imply  that 

l«Ua|)l  )  Xj  +  x2  -  (xl3  4  xM)  and  IL(ua2)l  >  Xj  +  x2  -  (x,j  +  xl2). 
Since  H.(u^)l  <  t  -  k  for  all  In  S  observe  that 

*13  +  X14  >  X,  +  x2  4  k  -  t  (21) 

and 

X„  4  XI2  >  X,  4  X2  4  k  -  T  .  (22) 

We  now  show  that  if  all  the  assumptions  are  satisfied,  then 
Xj j  *  Xj3  *  +  .  Let  Bjj  be  the  units  in  Bj  Implied  faulty  by  at  least 


* rr  »  in  • .  vi/  v  ■  j.w  :v .  -  ? ,  n.1 .  •  - 
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one  unit  tn  X^  and  let  be  the  units  in  Bj  implied  faulty  by  at 
least  one  unit  In  X^.  There  are  no  tests  from  X2  to  either  Xjj  or  Xjg, 

The  units  In  Xjj  U  Bjj  are  tested  at  most  by  the  units  in  Xj  -  Xj 
and  Aj,  thus  (HI)  implies  that 


*11  +  ^11  +  2*xl  "  *1  *  >  2t  +  1  . 


From  Eqs.  (21)  and  (22)  we  see  that  -  2x{  <  3t  -  3(Xj  +  x2  +  *). 
Substituting  this,  plus  b^  <  bj  and  2a(  *  2a  -  2a 2  into  Eq.  (23)  and  we 


(b j  +  2a  -  2a2 )  *  2x(  3-t  -  3(Xj  +  x2  +  *)  >  2x  *  1 

and  therefore 


bj  +  2a  +  x  »  Xj  +  3x2  +  2a2  *  3*  +  I  . 


Substituting  Eqs.  (2)  and  (12)  Into  the  left  hand  side  of  Eq.  (24), 
substituting  Xj  +  3x2  »  4x2  >  4(3*  +  2)  and  2a2  >  2(2*  +  1)  into  the 
right  hand  side  of  Eq.  (24)  we  obtain 


t  -  *  +  (1  -  2*  -  1)  +  1  *  19*  +  11 


which  reduces  to  3t  >  22*  +  12,  that  is,  t  >  7*  +  4  +  (*/ 3).  This 
contradicts  assumption  (H5),  thus  X^  =  ♦. 


The  units  In  X^  U  B^  are  tested  at  most  by  the  units  in  Xj  -  Xj 
and  *2,  thus  (HI)  implies  that 


X13  +  b\3  *  2(xl  -  x,  +  a2)  )  2x  f  1  . 


WVi 


WJ 


(26) 


Substituting  this,  plus  fcj3  <  b j  and  2 «2  <  a  Into  Eq.  (26)  we  get 

dj  +  a  +  2Xj  +  3t  -  3 (x |  +  x2  +  k)  >  2t  +  1 
and 

bj  a  +  t  >  Xj  +  3Xg  +  3k  -f  1  .  (27) 

Substituting  Eq.  (2)  Into  the  left  hand  side  of  Eq.  (27)  and 
substituting  Xj  +  3x2  >  4x2  >  4(3k  +  2)  Into  the  right  hand  side  of  Eq. 
(27)  we  obtain 

(i  -  k)  +  t  >  15k  +  9  (28) 

which  reduces  to  2t  >  16k  ♦  9,  and  t  >  8k  (9/2).  This  contradicts 
assumption  (H5),  thus  XJ3  a  4. 

As  a  result  of  the  partitioning  algorithm,  iHu^)  n  Fgl  < 

*t(Uj#)  fl  Fgl  *X|.  We  know  that  I £(u2»)  f)  Fgl  >  x2  +  Xj2  +  x,4,  thus, 
Xj  -  x,4  >  x2  +  x,2  >  x2.  This  Implies  that 

,t(ual)|  )  Xj  +  x2  -  x,4  >  2x2.  Substituting  x2  >  3k  +  2  and  7k  *  2  >  t 
Into  this  last  Inequality  produces  lL(uaJ)|  >6kf4>t-k+2,  which 
contradicts  (H5).  Therefore,  If  Algorithm  l  generates  a  two  block 
partition  of  A,  assumptions  (HI),  (H2),  (H3),  (H4),  (H5),  and  (H6)  lead 
to  a  contradiction. 

Now  consider  the  case  In  which  Algorithm  1  generates  a  one  block 
partition  of  A.  In  this  case  there  exists  a  unit  uaJ  in  A  such  that 


*2  *  *2  ~  t(u—j ) .  From  the  previous  case  we  see  that  if  (HI)  through 
(H6)  are  satisfied,  then  X2  =  f  and  X2  C  t(uaI).  Suppose  now  that  there 
exists  a  subset  of  Xj  such  that  Xj  *  Xj  -  L(uaj).  Once  again  the 
previous  case  Indicates  that  if  the  six  assumptions  hold,  then  =  4. 
Thus.  IL(uaJ)l  >  Xj  +  x2  >  6*  +  4  >  T  -  k  +  2r  which  contradicts  (H5). 
Therefore,  if  Algorithm  1  generates  a  one  block  partition  of  A,  the 
assumptions  (HI),  (H2),  (H3),  (H4),  (H5),  and  (H6)  can  not  hold 
simultaneously. 

He  have  shown  that  in  all  cases  the  assumptions  (HI)  through  (H6) 
lead  to  a  contradiction.  Therefore,  if  S  is  t-dlagnosable,  If  t  >  2,  If 
1  <  IFgl  <  x,  and  if  Algorithm  1  generates  a  two  block  partition  (Xj,X2) 
of  Fg,  then  there  exists  at  least  one  unit  in  S  such  that  either 
LiUj)  f)  GlUj)  =  ♦  or  IL(Uj)l  »  t  -  k  +  1,  where  k  is  the  smallest 
Integer  such  that  x  <  7k  +  2.  o 

Proof  of  Lemaa  8t  Suppose  the  system  S  satisfies  the  following 
assumptions: 

(HI)  S  is  T-dlagnosable, 

(H2)  t  >  2, 

(H3)  1  <  iFg*  <  t. 

(H4)  Liu*)  fl  G( uf)  *  ♦  for  all  ul  in  S,  and 

(H5)  IL(Uj) I  <  t  -  k  for  all  in  S,  where  k  is  the  smallest  integer 
such  that  t  <  lk  +  2. 

(H6)  Algorithm  1  generates  a  three  block  partition  {Xj,x2,X3J  of  Fg. 
Once  again  we  denote  all  subsets  of  S  using  upper  case  letters  and  the 
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cardinalities  of  these  subsets  using  lower  case  letters. 


If  i  <  6Jk  ♦  2,  Lemma  1  Implies  that  there  exists  at  least  one 


faulty  unit  such  that  IL(Uj)l  *  t  -  k  ♦  1.  and  thus  we  consider  the 
case  6*  +  3  <  x  <  7*  +  2.  The  partition  ttj.X2,X3)  of  Fs  has  the 
properties  x,  ♦  x2  *  x3  *  x  and  x,  >  x2  >  x3.  Lemma  4  and  assumption 
(H5)  Imply  that  xf  >  2k  +  1  for  1  in  (1,2,3),  thus  IFgl  >  6k  +  3  and 


2k  +  l  <  x,  (  (t/3J 


2*  +  1  <  x2  <  [(t-x3)/2J  <  (t  -  2k  -l)/2 
t/3  <  x,  <  t  -  (x,  -f  x2)  <  3*  . 


There  exists  a  unit  u,,  in  X,  such  that  G(u,,)  n  X,  «  X.,  a  unit 
u2,  In  X2  such  that  G(u2,)  n  X2  *  X2,  and  a  unit  u3,  in  X3  such  that 
ff(«3ir)  ni3  *  X3.  Therefore,  Hu^)  C  MUj,)  for  all  u^  in  Xj,  i  In 
(1,2,3).  We  partition  the  nonfaulty  units  using  the  Implied  faulty  sets 


Mu,,),  L(u2„),  and  L(u3,).  Let 


a  *  (Mu.,)  n  mu„)  n  L(u,,))  n  cc  , 


®i  *  (Mu,,)  n  l(u2,) )  n  (6g  ■  a)  , 


b2  *  (Mu2,)  n  l(u3,)>  n  (cs  -  a)  , 


b3  -  a<u3*)  n  Mu,,))  n  (cs  -  a)  , 


B  ■  B,  U  B2  U  S3, 


c.  «  L<u.*)  n  (6-  -  (A  U  B)) 


C2  -  t(u2ir)  fl  (6g  -  (A  U  B))  , 


C3  «  t(u3#>  fllJj-MUB))  . 


C  »  Cj  u  C2  U  C3, 


and  final ly,  let 


Z  =  FSUAUBUC. 


The  set  S  -  Z  contains  only  nonfaulty  units*  and  as  In  the  proof  of 
Theorem  3,  there  are  no  tests  from  S  -  Z  to  Z.  Thus*  Z  Itself  must  be 
t-dlagnosable,  z  >  2i  +  1.  and 


a  +  b  +  c>i  +  I 


since  Xj  ♦  x2  +  x3  <  t. 


We  now  consider  L(Uj„)  (1  Fg  for  i  In  {1,2,3}.  Assumption  (H4) 

states  that  L(u^)  n  G( u^)  *  4  for  all  in  5,  so  there  are  no  1-edges 

between  units  In  a  block  X^.  There  may*  however,  be  l-edges  between 

units  In  different  blocks  of  Fg.  Define  the  sets  tfj,  i  In  (1*2, 3, 4, 5, 6}* 

as  follows*  ir,  «  Muj*)  n  x2,  h2  -  Uullt)  n  x3,  w3  -  t(u2ir)  n  x,* 

w4  »  t(u2#)  n  x3*  »5  »  L(u3„)  fl  X,,  and  M6  -  L(U3»)  n  x2.  Let 
6  6 

W  «  UV.,  and  let  IWI  »  w  -  I  w#.  For  i,J  In  {1,2,3},  If  is  in 
i-1  1  l«l  1  J 

t(uJjr)  then  Is  In  L(Uj»),  X^  c  L(ujir),  and  Xj  c  L(u^»).  If  Ifj  4  4, 


vyyyj  i  ~f>yyyy>  ivs5ca>»r  imvvvy 


Lenina  4  and  (H5)  Imply  that  w^  >2 k  +  I. 

By  assumption  (H5)  lt(u1)i  <  t  -  k  for  all  tij  in  S,  thus 


•Mu,*)l  »  a  +  bj  +  i>3  +  Cj  +  Wj  +  w2  <  t  -  Ic  ,  (33) 

IL<u2»)I  »  a  +  bj  +  b2  +  c2  +  w3  +  w4  <  t  -  k  ,  (34) 

l£(u3„)l  *  a  +  b2  +  b3  ♦  c3  +  +  »f6  <  t  -  *  .  (35) 

Combining  Eqs.  (33),  (34),  and  (35)  we  get 

3a  ♦  2b  ♦  c  +  w  <  3t  -  3k  .  (36) 


Since  S  is  t-dlagnosable,  we  can  combine  Eqs.  (32)  and  Eq.  (36)  to  get 

a  +  b<2i-(a  +  w  +  3Jk+l)  .  (37) 

To  get  an  upper  bound  for  (a  +  b  +  c),  we  need  an  upper  bound  for 
c.  Let  Xjc  be  those  units  In  Xj  implied  faulty  by  the  units  in  Cp  The 
units  in  Xjc  u  Cj  are  tested  only  by  the  units  in  A,  Bp  fi3,  Bp  and  B2. 
Thus,  assumption  (HI)  implies  that 

*ic  *  c\  *  Z(a  +  bj  ♦  b3  +  Wj  +  w2)  >  2t  +  1  .  (38) 

Substituting  Eq.  (33)  and  xJc  «  Xj  into  Eq.  (38)  we  get 
Xj  +  Cj  ♦  2(t  -  *  -  Cj)  >  2t  +  I  and 

x,  -  2Jk  -  I  >  Cj  .  (39) 

Using  a  similar  approach  we  can  show  that 
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units.  Any  test  from  X^  to  Bj  that  has  a  1  outcome  implies  that 
>  L(u3#)  0  Bj  ♦  ♦  and  any  such  test  with  a  0  outcome  implies  that  both  Uj* 

and  Ug,  are  in  L(u3„).  So  there  are  no  tests  from  X3  to  Bj  and  fi|  is 
tested  only  by  the  units  in  Xj  u  X2.  Assumption  (HI)  implies  that 

fcj  +  2(Xj  +  x2)  >  2t  +  1  .  (45) 

Substitute  2(Xj  +  x2)  <  2t  -  2x3  Into  Eq.  (45)  we  get 

Bj  >  2x3  +  1  .  (46) 

Using  similar  reasoning  we  can  show  that 


and 


*2  >  2xj  ♦  1 


(47) 


B3  >  2x2  +  1  . 

Both  Bj  and  B3  are  in  £(Uj*}  so  we  can  combine  Eqs. 
with  Eq.  (33)  to  get 


(48) 

(46)  and  (48) 


t  -  A  >  Bj  +  b3  >  2x2  +  2x3  +  2  .  (49) 

Note  that  Eqs.  (29)  and  (30)  Imply  that  2x2  +  2x3  >  4(2Jt  *  1),  thus  Eq. 
(49)  becomes  t  >  9*  t  6,  which  contradicts  assumption  (H5).  Thus,  If 
A  »  ♦,  either  Bj  a  +  or  B3  *  ♦  .  We  can  also  show  that  Eqs.  (34),  (46), 
and  (47)  Imply  that  either  Bj  *  4  or  B2  »  ♦  and  Eqs.  (35),  (47),  and 
(48)  Imply  that  either  B2  «  ♦  or  B3  »  ♦.  Therefore,  If  A  «  ♦  at  most 
one  of  (B|,B2,B3)  is  nonempty. 
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For  i  In  (1,2,3),  recall  that  X^  is  the  subset  of  Xj  containing  iij* 
and  all  units  that  are  implied  faulty  If  is  implied  faulty.  If 
B2  ♦  ♦  and  B |  *  Bj  «  ♦  ,  the  units  in  Xj  U  Cj  are  tested  at  most  by  the 
units  In  Vj  U  Hg’  In  case  (HI)  implies  that 

Xj  +  Cj  +  2(*fj  +  w2>  >  2t  +  1  .  (50) 

Substituting  Xj  <  Xj  and  Eq.  (33)  into  Eq.  (50)  we  get 
Xj  *  (t  -  k)  +  W|  -f  1*2  *  2t  +  1  °r 

Xj  +  Wj  +  w2  >  t  +  k  +  1  .  (51) 

At  most  one  of  {(S1),(S2),(S3)}  Is  true,  so  at  most  one  of  ** 

nonempty.  Therefore,  Wj  -f  *2  <  max  (Wj,*^  <  x2  and  Eq.  (51)  becomes 

x+k+1  <  Xj  +  x2  <  t  -  x3  (52) 

which  is  obviously  a  contradiction.  Similar  contradictions  arise  when 
either  B(  ♦  +  or  Bj  ♦  #.  We  conclude  that  if  assumptions  (HI),  (H2), 
(H3) ,  (H4) ,  (H5)  and  (H6)  are  satisfied  and  at  most  one  of 
( (SI ) , (S2) , (S3) }  Is  true,  then  AM. 

Since  A  *  ((L(Uj„)  fl  L(u2„)  n  L(u3*))  fl  Cg),  we  see  that 
(Xj  U  X2  U  Xj)  C  L(u^)  for  all  in  A.  Lemma  4  and  assumption  (H5) 
Imply  that  1X^1  *  2k  +  I  for  i  In  (1,2,3).  Therefore, 

IL(Uj)§  t  6k  +3)x-k+  I  for  all  Uj  in  A,  which  contradicts  (H5). 

Thus,  In  all  cases  the  assumptions  (HI)  through  (H6)  lead  to  a 
contradiction.  Therefore,  If  S  is  i-dtagnosable,  If  t  >  2,  if 
1  <  IFgl  <  t,  and  if  Algorithm  1  generates  a  three  block  partition 


of  rs,  at  least  one  unit  u1  In  S  exists  such  that  either 
L(Uj)  0  C(u ♦  ♦  or  IL(u^) I  >  t  -  It  ♦  1,  where  k  Is  the  smallest 
Integer  such  that  i  <  7A  +  2.  o 


£ 


Unclassified _ 

s(Cu«,rv  classification  Of  This  page 


it  report  security  classification 

Unclassified 


3»  SECURITY  CLASSIFICATION  AUTHORITY 


D-^na  ufo 


REPORT  DOCUMENTATION  PAGE 


lb.  RESTRICTIVE  MARKINGS 


3»  oECLASSi  F  1C  AT  I  ON/DOWNGRADING  SCHEDULE 


A.  PERFORMING  ORGANIZATION  REPORT  NUMBERIS) 

JHU/EECS-86/09 


6a.  NAME  OF  PERFORMING  ORGANIZATION 

The  Johns  Hopkins  University 


3.  OiSTRIBUTlON/A  VAILA 

Unrestri 


5.  MONITORING  ORGANIZATION  REPORT  NUMBcR(S) 


b.  OP  PICE  SYMBOL 
(If  applicable  I 


8b.  OFFICE  SYMBOL 

(If  applicable!.:--  - 

N/A 


6c.  ADDRESS  (Cily.  Slaw  and  ZIP  Code I 

Charles  and  34th  Streets 
Baltimore,  Maryland  21218 


6a.  NAME  OF  FUNOING/SPONSORING 
ORGANIZATION  ' 

AFOSR/PKZ 


Be.  ADDRESS  (City.  Stale  and  ZIP  Code! 

Building  410 

Bolling  AFB  -  DC  20332-6448 


11.  TITLE  /Include  Security  CteMi/icauoniTHE  PMC  SYSTEM  LEV 
FAULT  MODEL;  CARDINALITY  PROPERTIES  OF  THE  I 

12.  PERSONAL  AUTHOR(S) 

Kennedy,  M.A.  and  Meyer,  G.G.L. 


13a  TYPE  OP  REPORT 

Interim 


IB.  supplementary  notation 


7a.  NAME  of  monitoring  ORGANIZATION 

Air  Force  Office  of  Scientific  Research  /NM 


7b.  AOORESS  (City.  State  and  ZIP  Code! 

Bolling  AFB,  Washington  DC  20332 


8.  PROCUREMENT. INSTRUMENT  IDENTIFICATION  NUMBER  "  > 

AFOSR-85-0097 


10.  SOURCE  OF  FUNDING  NOS. 


PROGRAM 
ELEMENT  NO. 


LIED  FAULTY 


WORK  UNIT 
NO. 


mwrr. 


14.  DATE  OF  REPORT  (Yr..  Mb..  Day!  I  15.  PAGE  COUNT 

September  5,  1986  I  52 


17  COSAT  I  COOES 


FIELD  GROUP  I  SUB.  GR. 


IB.  SUBJECT  TERMS  (Continue  on  reveree  if  neceeeary  and  identify  by  block  number! 

System  level  fault  model,  faults,  tests,  test  outcome, 
implied  faulty  set,  diagnosis  algorithms. 


IB.  ABSTRACT  t Commit e  on  rtvtnf  if  necetemry  and  identify  by  block  number) 

In  this  report  we  consider  one  aspect  of  the  PMC  system  level  fault  model,  the  proper¬ 
ties  of  the  implied  faulty  sets.  For  C-dlagnosable  systems  that  have  at  most  faulty  units 
we  present  lower  bounds  on  the  cardinality  of  the  maximal  implied  faulty  sets.  When  Z.  <  2, 
we  show  that  the  cardinality  of  the  maximal  implied  faulty  sets  is  greater  than£.  In  the 
case  Z>  >  2  we  have  two  results:  (i)  the  cardinality  of  the  maximal  implied  faulty  sets 
associated  with  the  faulty  units  is  greater  than  or  equal  to  £  -  k  +  1,  where  k  is  the 
smallest  integer  such  that  Z>  £  6k  +  2,  and  (ii)  the  cardinality  of  the  maximal  implied 
faulty  sets  of  all  the  units  is  greater  than  or  equal  to  7»  -  k  +  1,  where  now  k  is  the 
smallest  integer  such  that  Zt£7k  +  2.  Finally,  we  show  that  these  bounds  are  greatest 
lower  bounds  and  In  the  conclusion  indicate  how  these  results  may  be  used  in  diagnosis 
algorithms. 
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